(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) 



(19) World Intellectual Property Organization 
International Bureau 

(43) International Publication Date 
23 May 2002 (23.05.2002) 




PCT 



(10) International Publication Number 

WO 02/41597 A2 



(51) International Patent Classification 7 : H04L 29/00 

(21) International Application Number: PCT/GB01/05058 

(22) International Filing Date: 

16,November 2001 (16.11.2001) 



(25) Filing Language: 

(26) Publication Language: 



English 
English 



(30) Priority Data: 

09/715,558 17 November 2000 (17.11.2000) US 

(71) Applicant (for all designated States except US): IPWIRE- 
LESS, INC. [US/US]; 1001 Bayhill Drive, 2nd Floor, San 
Bruno, CA 94066 (US). 

(72) Inventors; and 

(75) Inventors/Applicants (for US only): JONES, William, 



John [GB/GB]; Meadow Vale, Dauntsey, Chippen- 
ham SN15 4JH (GB). WILLIAMS, Andrew, Gordon 
[GB/GB]; 79 Ashford Road, Swindon SN1 3NT (GB). 
BOWRING, Michael [GB/GB]; Church Cottage, Bussage 
Hill, Bussage, Stroud GL6 8AY (GB). 

(74) Agent: HUDSON, Peter; IneuT, 121 Blackberry Lane, 
Four Marks, Alton, Hampshire GU34 5DJ (GB). 

<81) Designated States (national): AE, AG, AL, AM, AT, AU, 
AZ, BA, BB, BG, BR, BY, BZ, CA, CH, CN, CO, CR, CU, 
CZ, DE, DK, DM, DZ, EE, ES, FI, GB, GD, GE, GH, GM, 
HR, HU, ID, m IN, IS, JP, KB, KG, KP, KR, KZ, LC, LK, 
LR, LS, LT, LU, LV, MA, MD, MG, MK, MN, MW. MX, 
MZ, NO, NZ, PL, PT, RO, RU, SD, SE, SG, SI, SK, SL, 
TJ, TM, TR, TT, TZ, UA, UG, US, UZ, VN, YU, ZA, ZW. 

(84) Designated States (regional): ARIPO patent (GH, GM, 
KE, LS, MW, MZ, SD, SL, SZ, TZ, UG, ZM, ZW), 

[Continued on next page] 



(54) Title: USE OF INTERNET WEB TECHNOLOGY FOR WIRELESS INTERNET ACCESS 



< 

ON 

m 
O 




(57) Abstract: Internet web technology is used to allow a wire- 
less Internet customer to acquire a virtual subscriber identity 
module (VSIM) in an anonymous session connection and then 
transfer the VSIM to any other desired PC (personal computer). 



WO 02/41597 A2 llUIDIlllllDlilllllllHillil 



Eurasian patent (AM, AZ, BY, KG, KZ, MD, RU. TJ, TM), 
European patent (AT, BE, CH, CY, DE, DK, ES, FI, FR, 
GB, GR, IE, IT, LU, MC, NL, PT, SE, TR), OAPI patent 
(BF, BJ, CF, CO, CI, CM, GA, GN, GQ, GW, ML, MR, 
NE, SN, TD, TG). 

Declarations under Rule 4.17: 

— as to applicant *s entitlement to apply for and be granted 
a patent (Rule 4. 17(H)) for the following designations AE, 
AG, AL, AM, AT, AU, AZ, BA, BB, BG, BR, BY, BZ, CA, CH, 
CN, CO, CR, CU, CZ, DE, DK, DM, DZ, EE, ES, FI, GB, 
GD, GE, GH, GM, HR, HU, ID, IL, IN, IS, JP, KE, KG, KP, 
KR, KZ, LC, LK LR, LS, LT, LU, LV, MA, MD, MG, MK 
MN, MW,MX,MZ, NO, NZ, PL, PT, RO, RU, SD, SE, SG, 
SI, SK SL, TJ, TM, TR, TT, TZ, UA t UG, UZ, VN, YU, ZA, 
ZW, ARIPO patent (GH, GM, KE t LS,MW ) MZ > SD, SL, SZ, 
TZ, UG, ZM, ZW), Eurasian patent (AM, AZ, BY, KG, KZ, 
MD, RU, TJ, TM), European patent (AT, BE, CH, CY, DE, 
DK, ES, FI, FR, GB, GR, IE, IT, LU, MC, NL, PT, SE, TR), 
OAPI patent (BF, BJ, CF, CG, CI, CM, GA, GN, GQ, GW, 
ML, MR, NE, SN, TD, TG) 

— as to the applicant s entitlement to claim the priority of the 
earlier application (Rule 4. J 7(iii)) for the following desig- 
nations AE, AG, AL, AM, AT, AU, AZ, BA, BB, BG, BR, BY, 
BZ CA, CH, CN, CO, CR, CU, CZ, DE, DK, DM, DZ, EE, 



ES, FI, GB, GD, GE, GH, GM, HR. HU, ID, IL, IN, IS, JP, 
KE, KG, KP, KR, KZ, LC, LK LR, LS, LT, LU, LV,MA, MD, 
MG, MK MN,MW,MX,MZ, NO, NZ, PL, PT, RO, RU, SD, 
SE, SG, SI, SK SL, TJ, TM, TR, TT, TZ, UA, UG, UZ, VN, 
YU, ZA, ZW, ARIPO patent (GH, GM, KE, LS, MW, MZ, 
SD, SL, SZ, TZ, UG, ZM, ZW), Eurasian patent (AM, AZ, 
BY, KG, KZ, MD, RU, TJ, TM), European patent (AT, BE, 
CH, CY, DE, DK ES, FI, FR, GB, GR, IE, IT, LU, MC, NL, 
PT, SE, TR), OAPI patent (BF, BJ, CF, CG, CI, CM, GA, 
GN, GQ, GW, ML, MR, NE, SN, TD, TG) 

— of inventorship (Rule 4. 1 7(iy)) for US only 

Published: 

— without international search report and to be republished 
upon receipt of that report 

For two-letter codes and other abbreviations, refer to the "Guid- 
ance Notes on Codes and Abbreviations" appearing at the begin- 
ning of each regular issue of the PCT Gazette. 



WO 02/41597 



PCT/GB01/05058 



- 1 - 

USE OF INTERNET WEB TECHNOLOGY FOR 
WIRELESS INTERNET ACCESS 

5 RELATED APPLICATIONS 

U.S. patent application Serial No. 09/626,699, filed July 
27, 2000, entitled "USE OF INTERNET WEB TECHNOLOGY TO 
REGISTER WIRELESS ACCESS CUSTOMERS" which is a 
10 continuation-in-part of U.S. patent application Serial 
No. 09/432,824, filed November 2, 1999, entitled, 
u CELLULAR WIRELESS INTERNET ACCESS SYSTEM USING SPREAD 
SPECTRUM AND INTERNET PROTOCOL (IP)", and published in 
equivalent form as European patent publication EP1098539. 

15 

INTRODUCTION 

The present invention is directed to the use of Internet 
20 web technology for wireless customer Internet access and 
specifically to allow authenticated Internet access for 
more than one personal computer. 



25 BACKGROUND OF THE INVENTION 

Both of the above applications describe a cellular 
wireless Internet access system which operates in the 2 
gigahertz or other frequency bands to provide high data 
30 rates to fixed and portable wireless Internet devices. 

Such users connect to near-by base stations which in turn 
communicate to Integrated Network Controllers which are 
then connected to the Internet. Such wireless 
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implementation relates to an access network of the UMTS 
(Universal Mobile Telephone Service) and its subset UTRAN 
(Universal Terrestrial Radio Access Network) standards. 

5 In order to gain service in a cellular wireless network 
of the types similar to the above, a sales representative 
at a retail location typically takes customer 
information, credit card number and credit history, etc. 
That information is used to create an account with a 

10 cellular service provider, with the customer information 
stored on the service provider's Home Location Register 
(HLR) or other customer database. A SIM (Subscriber 
Identity Module) card is then associated with the account 
and placed within the cellular terminal (typically, a 

15 mobile phone or wireless Internet device) . 

Both of the above techniques are cumbersome, requiring 
action on the part of the retailer or network service 
provider, and creating a time delay before a new customer 
can use the service. 

U.S. patent application Serial No. 09/626,699, allows the 
user to self-register to gain access to Internet services 
for the wireless system as above. It is,, however, also 
desired to allow authenticated access to be provided for 
various user access units. 



SUMMARY OF INVENTION 

In accordance with a first aspect of the invention, there 
is provided a method of operation in a wireless access 
network system, as claimed in claim 1. 
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In accordance with a second aspect of the invention, 
there is provided a wireless user equipment arrangement 
for use with a wireless access network system, as claimed 
5 in claim 12. 

In accordance with a third aspect of the invention, there 
is provided a computer program element, as claimed in 
claim 13. 

10 

In accordance with a fourth aspect of the invention, 
there is provided a virtual subscriber identity module 
for use with wireless user equipment in a wireless access 
network system, as claimed in claim 14. 

15 

In a preferred form of the invention, there is provided a 
method of operating a cellular wireless Internet access 
system as part of an Internet Network where users have 
personal computers (PCs) and each user utilizes a 

20 portable user equipment (UE) typically with a directly 
attached antenna for communicating in a wireless manner 
on a cellular network with an integrated network 
controller, the UE being connected to the PC, the network 
having a registration web server and an access operator 

25 authentication server. The method comprises the 
following steps : 

A PC and associated UE are used to register with a 
registration web server on the Internet Network via an 
anonymous connection to the network including downloading 

30 subscriber identity information from the registration web 
server to the PC via the UE for storage in the PC. The 
subscriber identity information includes, at least, a 
unique user identification (user ID) and a permanent 
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password. Such stored information constitutes a virtua-J 
subscriber identity module (VSIM) . The access operator 
authentication server is updated with the user ID and 
password. The user may then be connected to an allowable 
5 Internet service provider (ISP) using the VSIM, Another 
PC may be used by transferring electronically the user ID 
and password to the other PC, said transfer including one 
of the following; temporary transfer to portable magnetic 
storage means, a local area network (LAN) or e-mail 
10 attachments, or similar electronic transfer. 



BRIEF DESCRIPTION OP THE DRAWINGS 

15 FIG. 1 is a block. diagram of an Internet system 

illustrating the present invention. 

FIG. 2 is a schematic block diagram illustrating the 
present invention. 

20 

FIG. 3 is a flowchart showing the operation of the 
invention. 



DETAILED DESCRIPTION OF PREFERRED EMBODIMENT 

Referring now to FIG. 1, there is illustrated a wireless 
access user 22 with user equipment (UE) connected by 
typical data connection to the personal computer (PC) . 
The personal computer has a CD drive or similar media 
input device with a special compact disc containing 
software, including a wizard (that is the instructional 
system procedures for registration) which is placed in 
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the CD drive. In addition, a second PC and UE 21 is 
illustrated (designated 'new PC ) , whose function in the 
Internet Network system shown in FIG. 1 will be described 
below. 

5 

Both the UE and CD of system 22 are acquired and 
purchased at some retail location or by mail. This is 
described more fully in the above '699 application 
involving registration. PC 22 and its associated UE as 
10 described in the above U.S. patent application Serial No. 
09/432,824, are a part of a UMTS/UTRAN system which by 
many wireless techniques (a specific novel one is 
described in the above application) communicates in a 
wireless manner via a UTRAN network as indicated by the 
symbol 23 to an Integrated Network Controller (INC) 24. 
Such controller may be connected by wireline or otherwise 
to an Internet Protocol (IP) Network 31. As discussed 
in the above pending application, the Integrated Network 

Controller 24 includes an RNC or Radio Network 
Controller 26 which controls and allocates the radio 
network resources and provides reliable delivery of user 
traffic between a base station (described in the above 
pending application) and User Equipment (UE) and 
eventually the Integrated Network Controller (INC) 24. 
An SGSN (Serving General Packet Radio Service Support 
Node) 27 provides session control and connection to the 
Access Operator Radius Authentication Server 34. Lastly, 
LAC 28 (layer 2 Tunneling Protocol Access Concentrator) 
provides the gateway functionality to the allowable 
Internet Service Providers (ISP) 40 and to the 
registration server 36. A Layer 2 Tunneling Protocol 
Network Server (LNS) 30 terminates communication tunnels 
from the LAC through the IP network. The Access Operator 
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Radius Authentication Server 34 supports the Home 
Location Register (HLR) functionality (described in the 
above pending application) . The Access Operator 
Registration Server 36 provides the facilities for a new 
5 user to register. 

The Integrated Network Controller 24 also illustrates 
that it incorporates a "RADIUS" client 29. RADIUS is a 
system including the software that supports centralized 

10 access control for Internet access , which, as discussed 
above, is traditionally used where the access to the 
Internet is via the public switched telephone network. A 
description of RADIUS is provided by an article RFC 2138 
Remote Authentication Dial-in User Service (RADIUS) by C. 

15 Rigney, et al., April 1997, which is available at the 
website WWW . IETF . ORG ♦ 

In all cases of communication of a user equipment 21 or 
22 through the Internet Protocol Network, illustrated as 
20 31, authentication is performed by the user equipment 
(UE) signaling the customer's wireless access 
authentication information which is passed over the air 
to Integrated Network Controller 24 which queries a 
RADIUS server authentication server with the user ID 
25 (identification) and temporary password. The RADIUS 
server used is the Access Operator's RADIUS 
Authentication Server 34 which communicates with the 
Integrated Network Controller via the IP network using 
UDP/IP protocols with additional protocol layers for 
security. 

In the case of a new user, a *new user' ID and temporary 
password, preprogrammed in the CD software, is signaled 
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to the Access Operator RADIUS Authentication Server 34 
via the INC 24. The Access Operator RADIUS 
Authentication Server 34 recognizes the user as a *new 
user' and communicates a set of protocol filters to the 
5 INC 24- that results in a PPP (Point-to-Point Protocol) 

session being set up between the User's PC and the Access 
Operator's Registration Server 36 via the Layer 2 
Tunneling Protocol communication link 32 and bars the 
user from accessing any other service. The Access 
10 Operator' s Registration Server 36 is connected to the 
subscriber account management and billing system 37. 

Thus, the foregoing constitutes the anonymous session 
link where a general or non-authenticated user can still 

15 gain access to the wireless access operator' s 
registration server for the purpose of new-user 
registration. The accompanying legend indicates the 
various paths. A UMTS access network operator 33 
provides the special servers 34 and 36 along with the 

20 billing system 37. 

The flow chart of FIG. 3 describes in somewhat truncated 
detail the registration procedure set out in greater 
detail in the above co-pending '699 application. After 

25 "START" in Step 1, the user purchases the user equipment 
UE which may or may not have a particular unique 
identification number (ID) and a CD with the appropriate 
software and wizard feature installed on it. This is 
connected to the PC. Next in Step 2, the user equipment 

30 is installed on the PC via the wizard instructions on the 
CD f along with a new user ID and temporary password which 
were contained on the CD. These are then sent to the UE. 
The UE sends this authentication information over the 
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air to the RNC 26, which is passed onto the RADIUS Client 
29 and the SGSN 27 which queries the RADIUS server 34 
with a new user ID and temporary new user password. In 
effect, an anonymous connection using the temporary 
5 password is made on the Internet and as described in the 
above co-pending application, a permanent password is 
generated along with a user ID. As indicated in Step 3, 
this is stored in the PC memory of the unit 22. Thus, 
the permanent password and ID which have been 
10 electronically stored in the PC memory (which may be a 
randomly accessible memory or floppy disk or hard disk) 
form a virtual subscriber identity module or VSIM. At 
the same time (Step 6), the RADIUS server 34 is updated 
with the user's name and permanent password to provide 
15 subsequent access to allowable ISPs 40, as illustrated in 
FIG. 1. Thus, as described in the above co-pending 
application, access has been gained to the Internet 
Network on a special anonymous connection. Thus, as 
described in Step 4, connection may now be made to 
20 allowable Internet service providers (ISPs) using the 
VSIM user information via the Layer 2 Tunneling Network 
Server (LNS) 45 of the allowable ISPs 40* This route is 
shown in a dotted/dashed line designated End User Traffic 
46. 

With the VSIM, in accordance with the present invention, 
as shown in Step 6, a user may electronically transfer 
the subscriber identity information to a new or another 
PC, for example, indicated as 21 in FIG. 1. This is 
illustrated in FIG. 2 where the original PC 22 with the 
VSIM subscriber identity module information indicated in 
dashed outline transfers the VSIM information via one of 
the following electronic techniques so designated: floppy 
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disk, LAN (Local Area Network) , e-mail attachment or 
other electronic means. Thus, the new PC 21 contains the 
VSIM information so designated in the dashed block as 
VSIM 1 and may. access the Internet Network. Optionally, 
5 if as part of the VSIM or subscriber identity 

information, the unique identification or ID of the 
original associated UE with PC 22 is part of the VSIM 
information, then as shown by the optional line 47 the 
original or old UE must be transferred to the new PC 21. 
10 This prevents use by more than one subscriber; in other 
words, it is further protection against fraud. However, 
this is not necessary if the user equipment ID is not a 
part of the required VSIM information. 

15 Thus, with the foregoing the new PC 21 may now access the 
Internet Network. In summary the VSIM may manifest 
itself as the file on the hard disk of the personal 
computer being used for Internet Access, or as an 
alternative, be stored on a floppy disk or other 
20 removable media. In the case of the VSIM being stored on 
a floppy disk the end user may take that disk to a new or 
different computer connected to a new or different UE and 
gain wireless access to the Internet. Moreover, if the 
VSIM information is not encrypted, it can be retrieved 
and manually recorded by the user for transfer to another 
computer. 

Authentication and accounting is provided for against the 
identifying information of their VSIM. Other typical 
functions of a subscriber identity module (SIM) may be 
provided in addition to the unique ID, a customer 
password, and UE equipment identifier. This may include 
storage of an access network operator name, an Internet 
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service provider name, encryption of all of the above 
data, provision of all of the above data on demand to 
associated subscriber equipment to an access network 
operator, or on demand to an ISP . 

5 

In conclusion, with the use of the VSIM as described 
above in a mobile or portable wireless system, such 
information is transportable in this electronic format 
from one computer to another. Moreover, it is stored in 
10 the user's PC or personal computer rather than the 

separate user equipment or subscriber unit (such as a 
cellular telephone) „ 
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WHAT IS CLAIMED IS: 

1. A method of operation in a wireless access network 
system, comprising the steps of: 

a) a user establishing an anonymous communication 
session communicating with the network via 
wireless user equipment using a predetermined 
temporary ID and predetermined temporary 
password; 

b) the user, in the anonymous communication 
session, registering with a registration server 
arrangement ; 

c) the registration server arrangement passing to 
the user a permanent ID and permanent password 
for use by the user to subsequently access the 
system; and 

d) the permanent ID and permanent password passed 
from the registration server being stored, at 
computer means to which the user equipment is 
connected, in the form of a virtual subscriber 
identity module which may be used for 
subsequent access from the computer means or 
transferred to another computer means for 
subsequent access therefrom. 

2. The method of claim 1 wherein steps of the method 
are performed by the user running a predetermined 
software program on the computer means to which the user 
equipment is connected, and the method further comprises 
a step of transferring the virtual subscriber identity 
module to another computer means for subsequent access 
therefrom. 
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3. The method of claim 2 wherein the software program 
resides on a portable data carrier which is inserted at 
the computer means. 

5 4. The method of claim 2 wherein the virtual subscriber 
identity module is transferred electronically. 

5. The method of claim 4 wherein the virtual subscriber 
identity module is transferred via one of: 

10 portable data carrier; 

local area network; and 
e-mail. 

6. The method of any preceding claim wherein the system 
15 is a cellular wireless Internet access system. 

7. The method of any preceding claim wherein the 
registration server arrangement comprises a server 
operating in the RADIUS standard. 

20 

8. The method of any preceding claim wherein the user 
equipment is portable, wherein registration may be 
effected without prior registration formalities. 

25 9. The method of any preceding claim wherein the system 
is a UMTS system. 

10. The method of claim 9 wherein the system is a UTRAN 
system. 

30 
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11. The method of any preceding claim wherein the 
virtual subscriber identity module comprises at least one 
of: 

an identifier unique to the user equipment; 
5 a customer password; 

an access network operator identifier; and 
an Internet service provider identifier, 

12. A wireless user equipment arrangement for use with a 
10 wireless access network system, the arrangement 

comprising: 

, wireless user equipment; and 

a data carrier holding a software program for 
running on a computer to establish an anonymous 
15 communication session via a temporary ID and temporary 
password and to store a permanent ID and a permanent 
password in a virtual subscriber identity module, for a 
user to use the system by the method of any one of claims 
1 to 11. 

20 

13. A computer program element comprising computer 
program means for establishing an anonymous communication 
session via a temporary ID and temporary password and for 
storing a permanent ID and a permanent password in a 

25 virtual subscriber identity module, for a user to use a 
wireless access network system by the method of any one 
of claims 1 to 11. 
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14. A virtual subscriber identity module for use with 
wireless user equipment in a wireless access network 
system, the virtual subscriber identity module containing 
at least a permanent data JED and a permanent password, 
5 obtained by the method of any one of claims 1 to 11, for 
use with computer means to allow a user to use the 
system. 
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15. A method of operating a cellular wireless Internet 
access system as part of an Internet Network where users 
have personal computers (PCs) and each user utilizes a 
portable user equipment (UE) typically with a directly 
5 attached antenna for communicating in a wireless manner 
on a cellular network with an integrated network 
controller, the UE being connected to the PC, said 
network having a registration web server and an access 
operator authentication server, the method comprising the 
10 following steps: 

using a said PC and associated UE to register with 
said registration web server on said Internet Network via 
an anonymous connection to said network including 
downloading subscriber identity information from said 
15 registration web server to said PC via said UE for 

storage in said PC, said subscriber identity information 
including, at least, a unique user identification (user 
ID) and a permanent password, such stored information 
constituting a virtual subscriber identity module (VSIM) ; 
20 updating said access operator authentication server 

with said user ID and password; 

connecting to an allowable Internet service provider 
(ISP) using said VSIM; and 

transferring electronically said user ID and 
25 password to another PC, said transfer including one of 
the following; temporary transfer to portable magnetic 
storage means, a local area network (LAN) e-mail 
attachment, or similar electronic transfer. 
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16. A method as in claim 15 where said UE has a unique 
ID and is included as part of said subscriber identity 
information whereby the original associated UE is 
connected to said another PC to enable an Internet 
5 session. 
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